mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-12-02 07:38:22 +00:00
Kevin Veen-Birkenbach
654131ab89
- Introduce shared CAPTCHA settings and RECAPTCHA_ENABLED/HCAPTCHA_ENABLED flags in group_vars - Wire reCAPTCHA/hCaptcha credentials into EspoCRM, Keycloak, Listmonk and Nextcloud - Replace EspoCRM set_flags.php with generic seed_config.php and hook it into entrypoint/env - Fix run_once handling in sys-ctl-cln-disc-space and minor CSS Jinja spacing issue https://chatgpt.com/share/692a1d4f-1154-800f-a4ae-bb068aa24a53
56 lines
1.6 KiB
YAML
56 lines
1.6 KiB
YAML
load_dependencies: True # When set to false the dependencies aren't loaded. Helpful for developing
|
|
actions:
|
|
import_realm: True # Import REALM
|
|
features:
|
|
matomo: true
|
|
css: true
|
|
desktop: true
|
|
ldap: true
|
|
central_database: true
|
|
recaptcha: "{{ RECAPTCHA_ENABLED | bool }}"
|
|
|
|
# Doesn't make sense to activate logout page for keycloak, because the logout page
|
|
# anyhow should be included via iframe in keycloak.
|
|
# The JS is also messing with the keycloak config fields
|
|
# @todo optimize the JS
|
|
logout: false
|
|
server:
|
|
csp:
|
|
flags:
|
|
script-src-elem:
|
|
unsafe-inline: true
|
|
script-src-attr:
|
|
unsafe-inline: true
|
|
style-src-attr:
|
|
unsafe-inline: true
|
|
whitelist:
|
|
frame-src:
|
|
- "*" # For frontend channel logout it's necessary that iframes can be loaded
|
|
domains:
|
|
canonical:
|
|
- "auth.{{ PRIMARY_DOMAIN }}"
|
|
aliases: []
|
|
scopes:
|
|
nextcloud: nextcloud
|
|
|
|
docker:
|
|
services:
|
|
keycloak:
|
|
image: "quay.io/keycloak/keycloak"
|
|
version: "latest"
|
|
name: "keycloak"
|
|
cpus: "2.0"
|
|
mem_reservation: "2g"
|
|
mem_limit: "4g"
|
|
pids_limit: 1024
|
|
database:
|
|
enabled: true
|
|
credentials:
|
|
recaptcha:
|
|
key: "{{ CAPTCHA.RECAPTCHA.KEY }}"
|
|
secret: "{{ CAPTCHA.RECAPTCHA.SECRET }}"
|
|
accounts:
|
|
bootstrap:
|
|
username: "administrator"
|
|
system:
|
|
username: "{{ SOFTWARE_NAME | replace('.', '_') | lower }}" |